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BACKGROUND OF THE INVENTION 



This invention relates generally to communicating data in 
a secure fashion, and more particularly to a cryptographic 
system and methods using public key cryptography. 15 

Computer systems are found today in virtually every walk 
of life for storing, maintaining, and transferring various 
types of data. The integrity of large portions of this data. j 
especially that portion relating to financial transactions, is 
vital to the health and survival of numerous commercial 20 ; 
enterprises. Indeed, as open and unsecured data communi- 
cations channels for sales transactions gain popularity, such 
as credit card transactions over the Internet, individual 
consumers have an increasing stake in data security. 

Thus, for obvious reasons, it is important that financial 25 
transaction communications pass from a sender to an 
intended receiver without intermediate parties being able to 
interpret the transferred message. 

Cryptography, especially public key cryptography, has 30 
proven to be an effective and convenient technique of 
enhancing data privacy and authentication. Data to be 
secured, called plaintext, is transformed into encrypted data, 
or ciphertext. by a predetermined encryption process of one 
type or another. The reverse process, transforming ciphertext 35 
into plaintext, is termed decryption. Of particular impor- 
tance to this invention is that the processes of encryption and 
decryption are controlled by a pair of related cryptographic 
keys. A "public" key is used for the encryption process, and 
a "private" key is used to decrypt ciphertext. The public key ^ 
transforms plaintext to ciphertext. but cannot be used to 
decrypt the ciphertext to retrieve the plaintext therefrom. 

As an example, suppose a Sender A wishes to send 
message M to a recipient B. The idea is to use public key E 
and related private key D for encryption and decryption of 45 
M. The public key E is public information while D is kept 
secret by the intended receiver. Further, and importantly, 
although E is determined by D, it is extremely difficult to 
compute D from E Thus the receiver, by publishing the 
public key E. but keeping the private key D secret, can 50 
assure senders of data encrypted using E that anyone who 
intercepts the data will not be able to decipher it. Examples 
of the public key/private key concept can be found in U.S. 
Pat. Nos. 4200.770. 4.218.582. and 4.424.414. 

The prior art includes a number of public key schemes, in 
addition to those described in the above-identified patents. 
Over the past decade, however, one system of public key 
cryptography has gained popularity. Known generally as the 
"RS A" scheme, it is now thought by many to be a worldwide 
de facto standard for public key cryptography. The RSA 
scheme is described in U.S. Pat. No. 4.405.829 which is 

> fully incorporated herein by this reference. 
Thi» R3A J ih u i ud nn p ifn li f i 'i uh the r e lat i ve aaot of 
creating a composite number from the product of two prime 65 
Xj^ numbers whereas the attempr'to factor the composite num- 

ber into its constituent npiraes is difficult. The RSA scheme 
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uses a public key E comprising a pair of positive integers i 
and e. where n is a composite number of the form 

n~p-q (1) 

where p and q are different prime numbers. ano/e is a number 
relatively prime to (p-1) and (q-1): ihzytf t is relatively 
prime to (p-1) or (q-1) if e has no factors in common with 
either of them Importantly, the sender has access to n and 
e. but not to p and q. The menage M is a number repre- 
sentative of a message to h^fransmitted wherein 

The sender enpifmers M to create ciphertext C by computing 
15 the exponential 
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(3) 




YhQ^cripient of tho ciphcrtfTt C rftfrH*vis tli e n _ 
20 using a (private) decoding key D, comprising a pajr of 
positive integers d and n. employing the relation 

As used in (4), above, d is a multiplicative inverse of 

<r(mod(lcm((p-l), (^-1)))) / ( 5 ) 

so that 

*^=l(mod(Icm((^-n^?-l)))) f6) 

where lcm((p-l)/(q-l)) is the least common multiple of 
numbers p-1 agdq-1. Most commercial implementations of 
RSA employa different, although equivalent, relationship 
for obtaining d: 
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30 



35 



a tionahip oimplifi o ij eumpuujl pium^inu /*. 
Note: Mathematically (6) defines a set of numbers and (7) 
40 defines a subset of that set For implementation. (7) or (6) 
usually is interpreted to mean d is the smallest positive 
element in the set.) 

The net effect is that the plaintext message M is encoded 
knowing only the public key E (i.e.. e and n). The resultant 
45 ciphertext C can only decoded using decoding key D. The 
composite number n. which is part of the public key E. is 
computationally difficult to factor into its components, 
prime numbers p and q. a knowledge of which is required to 
decrypt C 

50 From the time a security scheme, such as RSA. becomes 
publicly known and used, it is subjected to unrelenting 
attempts to break it. One defense is to increase the length 
(i.e.. size) of both p and q. Not long ago it was commonly 
recommended that p and q should be large prime numbers 75 

55 digits long (i.e.. on the order of 10 75 ). Today, it is not 
uncommon to find RSA schemes being proposed wherein 
the prime numbers p and q are on the order of 150 digits 
long. This makes the product of p and q a 300 digit number. 
(There are even a handful of schemes that employ prime 

60 numbers (p and q) that are larger, for example 300 digits 
long to form a 600 digit product) Numbers of this size, 
however, tend to require enormous computer resources to 
perform the encryption and decryption operations. Consider 
that while computer instruction cycles are typically mea- 

65 sured in nanoseconds (billionths of seconds), computer 
computations of RSA steps are typically measured in mil- 
liseconds (thousandths of seconds). Thus millions of com- 
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putcr cycles are required to compute individual RSA steps 
resulting in noticeable delays to users. 

This problem is exacerbated if the volume of ciphertext 
messages requiring decryption is large— such as can be 
expected by commercial transactions employing a mass 5 
communication medium such as the Internet. A financial 
institution may maintain an Internet site that could conceiv- 
ably receive thousands of enciphered messages every hour 
that must be decrypted, and perhaps even responded to. 
Using larger numbers to form the keys used for an RSA 10 
scheme can impose severe limitations and restraints upon 
the institution's ability to timely respond. 

Many prior an techniques, while enabling the RSA 
scheme to utilize computers more efficiently, nonetheless 
have failed to keep pace with the increasing length of n. p. 15 
and q. 

Accordingly, it is an object of this invention to provide a 
system and method for rapid encryption and decryption of 
data without compromising data security. 

It is another object of this invention to provide a system 20 ! 
and method that increases the computational speed of RSA 
encryption and decryption techniques. 

»4ill duuUiouffi^^ luviuiiuu iu piuvidcnH 
system andjiiethrSl^or implementing an RSA scheme in 

: components of n do not increase in length as n 25 
*rs in If ngthp 

^^^^ ^hfffrohjrrt tn prnvido q system mid - motho 4> 
forujiMsiSfpimlxiplt (more than two), distinct prime number 
^fflfMtnrttffi tn rrrnto m 
It is a further object to provide a system and method for 30 
providing a technique for reducing the computational effort 
for calculating exponentiations in an RSA scheme for a 
given length of n. 

SUMMARY OF THE INVENTION 
h e prcjout im 'o ution-diflolosos a method and uli 




increasing the computational speed of RSA and reefed 
public key schemes by focusing on a neglecteo^fea of 
computation inefficiency. Instead of n=p-q. as is tirversal in 
the prior art. the present invention discloses jrmethod and 
apparatus wherein n is developed from threp'or more distinct 
prime numbers: i.e.. n^-pv. . . -p^ where k is an integer 

greater than 2 and p t . p 2 p k axe Efficiently large distinct 

primes. Preferably, "sufficiently/large primes" are prime 
numbers that are numbers approximately 150 digits long or 
larger. The advantages of>me invention over the prior art 
should be immediate! v^pparent to those skilled in this art. 
If. as in the prior art^p and q are each on the order of. say. 
150 digits long, tjxfn n will be on the order of 300 digits long. 
However, thr^primes p 2 . pj. and p 3 employed in accor- 
dance with^fie present invention can each be on the order of 
100 dipts long and still result in n being 300 digits long. 
Find^g and verifying 3 distinct primes, each 100 digits 
lo ng, requ ires significantly fewer computational cycles than 
LliUjj julI vuilj i mj " 2 primes oaefr 150 digits l o ng- 
y he c o mmorcial need for langor and l o nger prijw* 1 
no evidence of slowing: already there are projected 
ments for n of about 600 digits long to forestall imafmenial 
improvements in factoring techniques and t^e'ever faster 
computers available to break ciphertex^Die invention 
allowing 4 primes each about 150djgkSlong to obtain a 600 
digit n. instead of two prime^bom 350 digits long, results 
in a marked iraprovernen>ilfcomputer performance. For not 
only are primes tha>afe 150 digits in size easier to find and 
verify than one^5n the order of 350 digits, but by applying 65 
techruquejrtffe inventors derive from the Chinese Remainder 
Theorem (CRT), public key cryptography calculations for 
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40 



encryption and decryption are completedjiuHfTaster — even 
if performed seriallyonjjj^ However, 
the inventoi^aedflu^ues are particularly adapted to be 
advajtfage&usly apply enable public key operations to par- 
!<m eornputGr prooeooinft * 

■^^prrflpnt i nvnntifrn ii rr i | i , i l i l i nf in i n njhg R IjA ui'li mi m . 
to perform encryption and decTypujjn-c^sxation using a large 
(many digit) n much faster^J^tflieretofore possible. Other 
advantages of the^jn*eTTCon include its employment for 
10 deayptic^jsitfh^^ need to revise the RSA public 
encryption transforrriation scheme currently in use on thou- 
fMi uf lwgo und iiuall LUluputu 1 ^ 
A key aGcumption nf the present invontion is tha t 
composed of 3 or more sufficiently large distinct prame 
numbers, is no easier (or not very much easier) to faporthan 
the prior art. two prime number n. The assumptipnis based 
on the observation that there is no indication^ffthe prior art 
literature that it is "easy" to factor a product consisting of 
more than two sufficiently large, district prime numbers. 
This assumption may be justifiedgrven the continued effort 
(and failure) among experts tc^flnd a way "easily" to break 
large component nimibersitfmheir large prime factors. This 
assumption is sirnilanin'fhe inventors' view, to the assump- 
tion underlying th^ntire field of public key cryptography 
that factoring cpmposite numbers made up of two distinct 
primes is noj^easy." That is. the entire field of public key 
cryptography is based not on mathematical proof, but on the 
assumnfion that the empirical evidence of failed sustained 
efforts :o find a way systematically to solve NP problems in 
poj^nomial time indicates that these problems truly are 



The invmtiun is pufuaUly uinjlemeiKed in a : 
employs parallel operations to perform th^encryption. 
decryption operations required by the R^<scheme. Thus, 
there is also disclosed a cryptosystem^sttat includes a central 
processor unit (CPU) coupled toa/fiumber of exponentiator 
elements. The exponenuator^lements are special purpose 
arithmetic units designe.d^and structured to be provided 
message data M. anefldyprion key e. and a number n (where 
D =Pi *P2* ■ • • p^oeing greater than 2) and return ciphertext 
C accordmg/to the relationship. 




5 Altuuativtf ly^t hc cxp o nenlitftof o lomcntg may be piiv 
vided the ciphertext Ca^cryption (private) key d and n to 
return M accorgjj>£*fothe relationship. 




■AfimrHinp m th.v irp^f n f rnr j D y r ntion, the CPfr 
receives a task, such as the requirement to decrypt cyptfer- 
text data C. The CPU will also be provided^olhave 
available, a public key e and n. and the factor>^6Tn (p x . p 2 . 
. . . Pjt). The CPU breaks the encryption^sk down into a 
55 number of sub-tasks, and delivers^tfie sub-tasks to the 
exponentiator elements. Whenjh€results of the sub-tasks 
are returned by the expopelStiator elements to the CPU 
which will, using a forpaTof the CRT. combine the results to 
obtain the messa^^ata M. An encryption task may be 
60 performed essentially in the same manner by the CPU and 
its use oftj^Texponentiator elements. However, usually the 
factors^af n are not available to the sender (encryptor). only 
t i i\ > )tf i i i ii i in ii, a n cj n th n t nfT v fo Qrc crcQta ^ 

In a preferred embodiment of this ianer aspect of the 
65 invention, the bus structure used to couple the CPU and 
exponentiator elements to one another is made secure by 
encrypting all important information communicated 
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thereon. Thus, data sent to the exponentiate* elements is 
passed through a data encryption unit that employs, 
preferably, the ANSI Data Encryption Standard (DES). The 
exponential elements decrypt the DES-encrypted sub-task 
information they receive, perform the desired task, and 5 
encrypt the result, again using DES. for return to the CPU. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a simplified block diagram of a cryptosystem 10 
architecture configured for use in the present invention. 

FIG. 2 is a memory map of the address space of the 
cryptosystem of FIG. 1; and 

FIG. 3 is an exemplary illustration of one use of the i5 
invention. 

DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS 

As indicated above, the present invention is employed in 20 
the context of the RSA public key encryption/decryption 
scheme. As also indicated, the RSA scheme obtains its 
security from the difficulty of factoring large numbers, and 
the fact that the public and private keys are functions of a ^ 
pair of large (100-200 digits or even larger) prime numbers. 
Recovering the plaintext from the public key and the cipher- 
text is conjectured to be equivalent to factoring the product 
of two primes. 

C\)& ^ ALC o iding totho preaentipwntion. tlio public key portion $ 0 

- is Pi cked * T*" 511 - three^rinore random large, distinct prime 
0 Jdf/ numbers, p^ p-^^plare developed and checked to ensure 
that each>^felativeiy prime to e. Preferably, the prime 

numbefsare of equal length. Then, the product n=p A . p 2 

pr^r rnmpnttlr 35 
\p jv> ^> j= iually: tho decryption koy^. " ^ m ji ublisl i L' d by 
^relationship: 




the rel 
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ttiLSSJgt ! ddu. Mj>cuu>pte.d l u t ipliLiUAl C ujing > 
relationsrup^^Tabove. i.e.. 




45 



Tu dLuyp r rhe j^eTiexu I. the relatlo mliip uf (3). ' 
above, is 



50 



^tfh o r o p m d d nr™ fhffrr^ "p'""" i(i ' fit , *t nhnvtu 

^■^^ Usliig die pitAiui iuvcutitw involving three prir r wK 



L * * dev elop the product n. RSA encryption and decryption time 
J^$/£a a substantially less than an RSA scheme us/^ 
primes by dividing the encryption or deayptioj 
/ sub-tasks, one sub-task for each distinct prjjrfe. (However 
breaking the encryption or decryption in^subtasks requires 
knowledge of the factors of n. ThisJjafSwledge is not usually 
available to anyone except the/owner of the key. so the 
encryption process can be accelerated only in special cases, 
such as encryption for Lafcal storage. A system encrypting 
data, for another usct performs the encryption process 
according to (3 K^kl^ependent of the number of factors of n. 
Decryption. Ofnhe other hand, is performed by the owner of 
a key. so^rfe factors of n are generally known and can be 
used ^accelerate the process.) For example, assume that 
thre/distinct primes. p P p 2 . and p 3 . are used to develop the 
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product n. Thus, decryption of the ciphertext. C. using mt 
relationship 

M=C*(mod n) 

is used to develop the decryption sub-tasks: 

M 2 =C 2 dz mod p 2 
M 3 =C 3 et hnod p 3 

where 

C l =Onod p { ; 
C 2 =Cmod p 2 \ 




20 



^ Thr rr-mltri nf rnrh nrfr fr * cU Af y nnH M _r 

Qb combined to produce the plaintext. M. by a number, 

CL/ techniques. However, it is found that they can most e^pe- 
iK \lr ditiously be combined by a form of the Chinese Reminder 
Theorem (CRT) using, preferably, a recursive rfeheme. 
Generally, the plaintext M is obtained from the combination 
30 of the individual sub-tasks by the following relationship: 



*r= *Vi +[ {Mr Yi-i ) r'mod Pi )mod pj wpod 



where 



35 



and 



40 



M = Y k . Yi = Ci. and w, = n Pj 
J<> 

Encryption is performed in muon the same manner as that 
used to obtain the plaintext M. Provided (as noted above) the 
factors of n are available. Trjos. the relationship 
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C=AT(mod n\ 

can be broken down 
C^M/'mod P] 
50 C 2 -M 2 ^mod p 2 

where 

55 



60 



In gnnnrnlirfid form, t he decrypted mcajauc M lau be ■ 
obtained by the^sajae-stmimation identified above to obtain 
t ho c?iprrerl e ArCflomliJ> tontiguouj conjtitumt sub-ui>ks 
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preferably , rhff rrcwttivi CRT method Uworibod above 
used to obtain either the ciphertext. C. or the deciphered 
plaintext (message) M due to its speed. Howevei>ttfere may 
be occasions when it is beneficial to use action-recursive 
technique in which case the following relationships are used: 5 



M = I Mjiw' 1 mod pi)wi mod r 
where 



rand 



k ti/thc number (3 or more) of distinct primes chosen to is 
rfvelop the product n * 
Thuj. feu 1 example above (li-3) i M ic concta 
returned sub-task values M A . M 2 . M^JbjTule relationship 



M=M l (w l 1 mod p Y ) m-,i 
imod p 3 ) H- 3 mod / 



~ ! mod p 2 ) H- 2 mod n +M 3 (w 3 ~ 



where 




Employing the multiple distinct prime number technique 25 
of the present invention in the RSA scheme can realize 
accelerated processing over that using only two primes for 
the same size n. The invention can be implemented on a 
single processor unit or even the architecture disclosed in the 
above-referenced U.S. Pat. No. 4.405.829. The capability of 30 
developing sub-tasks for each prime number is particularly 
adapted to employing a parallel architecture such as that 
illustrated in FIG. 1. 

Turning to FIG. 1, there is illustrated a cryptosystem 
architecture apparatus capable of taking particular advan- 35 
tage of the present invention. The cryptosystertL designated 
with the reference numeral 10. is structured to form a part of 
a larger processing system (not shown) that would deliver to 
the cryptosystem 10 encryption and/or decryption requests, 
receiving in return the object of the request — an encrypted 40 
or decrypted value. The host would include a bus structure 
12. such as a peripheral component interface (PCI) bus for 
communicating with the cryptosystem 10. 

As FIG. 1 shows. The crypt oprocessor 10 includes a 
central processor unit (CPU) 14 that connects to the bus 45 
structure 12 by a bus interface 16. The CPU 14 comprises a 
processor element 20. a memory unit 22. and a data encryp- 
tion standard (DES) unit 24 interconnected by a data/address 
bus 26. The DES unit 24. in turn, connects to an input/output 
(I/O) bus 30 (through appropriate driver/receiver circuits — 50 
not shown). 

The I/O Lroo 30 communicatively oonntUA UiLpTO lu 
number of exponentiator elements 32 a . yi^^sstf^Z^ Shown 
here are three exponentiator eiements^kriough as illustrated 
by the "other** exponentiators 3J^additional exponenuator 55 
elements can be added. Eacji^xponentiator element is a state 
machine controlled arithmetic circuit structured specifically 
to implement thp^elationship described above. Thus, for 
example. thpxexponentiator 32a would be provided the 
values W{. and p. n to develop C r Similarly, the 60 
exponentiator circuits 326 and 32c develop C- and C 3 from 
■e spumitog subuisk values M 2 *ft. I'm-M^l,. and P^ sa 
Preferably, the CPU 14 is formed on a single integrated 
circuit for security reasons. However, should there be a need 
for more storage space than can be provided by the "on- 65 
board" memory 22. the bus 30 may also connect the CPU 14 
to an external memory unit 34. 
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■ I n orclrr to nnjuii j serine envUouiiiLiu. ii 15 preferabli 
thai the cryptosystem 10 meet the Federal Inforn 
Protection System (FTPS) level 3. Accordingly, the ektfnents 
that make up the CPU 14 would be impleraentttWna design 
that will be secure from external probing^or the circuit. 
However, information comjnunicatedxra the I/O bus 30 
between the CPU 14 and the expo^emiator circuits 32 (and 
external memory 34 — if prese^afjis exposed. Consequently, 
to maintain the securityxor that information, it is first 
encrypted by the DES^unit 24 before it is placed on the I/O 
bus 30 by the CRfepf4. The exponentiator circuits 32. as well 
as the exterjjrfmemory 34. will also include similar DES 
ecrypt information received from the CPU. and 
to encrypt information l 'o unuiti TU tin CPU 14l 
It may be that not all information communicated on the 
15 I/O bus 30 need be secure by DES encryption. For that 
reason, the DES unit 24 of the CPU 14 is structured to 
encrypt outgoing information, and decrypt incoming 
information, on the basis of where in the address space used 
by the cryptosystem the information belongs; that is. since 
20 information communicated on the I/O bus 30 is either a write 
operation by the CPU 14 to the memory 34. or a read 
operation of those elements, the addresses assigned to the 
secure addresses and non-secure addresses. Read or write 
M,,*- operations conducted by the CPU 14 using secure addresses 

U W 25 will pass through the DES unit 24 and that of the memory 

i I) y 34. Read or write operations involving non-secure addresses 

will by-pass these DES units. 

FIG. 2 diagrammatically illustrates a memory map 40 of 
^j! the address space of the cryptosystem 10 that is addressable 

rM™ 30 by the processor 20. As the memory map 40 shows, an 

f rH's address range 40 provides addresses for the memory 22. and 

3 Li such other support circuitry (e.g.. registers — not shown) that 

" m may form a pan of the CPU 14. The addresses used to write 

information to. or read information from, the exponentiator 
{ 4 ! 35 elements 32 are in the address range 44 of the memory map 

40. The addresses for the external memory 34 are in the 
f ^ j address ranges 46. and 48. The address ranees 44 and 46 are 

a^f: for secure read and write operations. Information that must 

^3.;! be kept secure, such as instructions for implementing 

13^ 40 algorithms, encryption/decryption keys, and the like, if 

maintained in external memory 34. will be stored at loca- 
-: c ;] tions having addresses in the address range 46. Information 

that need not be secure such as miscellaneous algorithms 
data, general purpose instructions, etc. are kept in memory 
45 locations of the external memory 34 having addresses within 
the address range 48. 

The DES unit 24 is structured to recognize addresses in 
the memory spaces 44. 46. and to automatically encrypt the 
information before it is applied to the I/O bus 30. The DES 
50 unit 24 is bypassed when the processor 20 accesses 
addresses in the address range 48. Thus, when the processor 
20 initiates write operations to addresses within the memory 
space within the address range 46 (to the external memory 
34 j. the DES unit 24 will automatically encrypt the infor- 
55 mation (not the addresses) and place the encrypted infor- 
mation on the I/O bus 30. Conversely, when the processor 20 
reads information from the external memory 34 at addresses 
within the address range 46 of the external memory 34. the 
DES unit will decrypt information received from the I/O bus 
60 30 and place the decrypted information on the data/address 
bus 26 for the processor 20. 

In simitar fachinn , i nformati o n conveyed t o or rejsio vsd. 
from the exponentiators 32 by the processc£^20"*t5y write or 
read operations at addresses witJu^-thCaddress range 44. 
65 Consequently. writej.ja-the-^xponentiators 32 will use the 
DES unhJA^ocD crypt the information. When that 
(e^erypted) information is received by the exponentiators 
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32. it is decrypted by on-board PES ua jtM<5f each expo- 
nentiate* 32). The rnnjrj of rhr rniFfirrfnrmrrl by the 
exponentia^o^3>irlEen encrypted by the exponentiator's 
on-bga«r*DES unit, retrieved by the processor 20 in 
pted- feem and then decry pted by rhr DCS un it ?rt 5 
Information that need not be maintained in secure fashion 
to be stored in the external memory 34. however, need only 
be written to addresses in the address range 48. The DES 
unit 24 recognizes writes to the address range 48. and 
bypasses the encryption circuitry, passing the information, in io 
unencrypted form, onto the I/O bus 30 for storing in the 
external memory 34. Similarly, reads of the external 
memory 34 using addresses within the address range 48 are 
passed directly from the I/O bus 30 to the data/address bus 
26 by the DES unit 24. 15 

In operation, the CPU 14 will receive from the host it 
serves (not shown), via the bus 12, an encryption request. 
The encryption request will include the message data M to 
be encrypted and. perhaps, the encryption keys e and n (in 
the form of the primes pj, p 2 , . . . p^. Alternatively, the keys 20 
may be kept by the CPU 14 in the memory 22. In any event, 
the processor 20 will construct the encryption sub-tasks Cj. 

C 2 Cjk for execution by the exponentiators 32. 

A^umi. fui tlitrpuipuje u f the xuiUlllidei Of Up» 
discussion, that the encryption/decryption tasks performed 25 
by the cryptosystem 10. using the presen>^fnvention. 
employs only three distinct primes. p L . p^p^TThe processor 
20 will develop the sub tasks idenrMedabove. using M. e. 
Pi P2- P3 Thus, for example. i£#reexponentiator 32a were 
assigned the sub-task of developing C^ the processor would 30 
develop the valuesMfT e ls and (pi-1) and deliver units 
(write) these ifattSes. with n. to the exponentiator 32a. 
Similar ^vakJes will be developed by the processor 20 for the 
subpters^s that will be delivered to the exponentiators 32b 
wmd 32tfi- 35 

In turn, the exponentiators 32 develop the values Q. C 2 . 
and C 3 which are returned to (retrieved by) the CPU 14. The 
processor 20 will then combine the values C { . C 2 . and C 3 to 
form C. the ciphertext encryption of M. which is then 
returned to the host via the bus 12. 40 

The encryption, decryption techniques described 
hereinabove, and the use of the cryptosystem 10 (FIG. 1) can 
find use in a number of diverse environments. Illustrated in 
FIG. 3 is one such environment. FIG. 3 shows a host system 
50. including the bus 12 connected to a plurality of crypto- 45 

systems 10 ( 10a. 10b 10m) structured as illustrated in 

FIG. 1. and described above. In turn, the host system 50 
connects to a communication medium 60 which could be. 
for example, an internet connection that is also used by a 
number of communicating stations 64. For example, the host 50 
system 50 may be employed by a financial institution 
running a web site accessible, through the communication 
medium, by the stations 64. Alternatively, the communica- 
tion medium may be implemented by a local area network 
(LAN) or other type network. Use of the invention described 55 
herein is not limited to the particular environment in which 
it is used, and the illustration in FIG. 3 is not meant to limit 
in any way how the invention can be used. 

As an example, the host system, as indicated, may receive 
encrypted communication from the stations 64. via the 60 
communication medium 60. Typically, the data of the com- 
munication will be encrypted using DES. and the DES key 
will be encrypted using a public key by the RSA scheme, 
preferably one that employs three or more distinct prime 
numbers for developing the public and private keys. 65 

Continuing, the DES encrypted communication, includ- 
ing the DES key encrypted with the RSA scheme, would be 



